Resolved Issues – FortiAnalyzer 5.4

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 5.4.0. For inquires about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
298415 FortiAnalyzer cannot add FortiController 5103B as a syslog device.
292606 FortiAnalyzer cannot accept logs from FortiADC.
279319 Non-existing VDOMs with strange characters are displayed.
Bug ID Description
307732 F3K2D-DC logs are recognized as Syslogs.

Event Management

Bug ID Description
299664 The RPI field is missing from Syslog alert.
287216 Event Handlers returns SQL error: duplicated key (Alert ID) when inserting alert_logs.
284440 There is an invalid Ref Field in the FortiGate Logs.
270264 Change Device ID to Device Name in an Email subject line subject line.


Bug ID Description
298726 Top Threats may not show any results that reflect the corresponding threat logs.
291597 The Application icons are not displayed in FortiView and Log View.
280309 FortiView Resource Usage does not display peak values.
280181 FortiAnalyzer does not display IP/MAC information in DHCP logs.


Bug ID Description
300877 Users are unable to choose columns when creating a table chart from dataset.

Resolved Issues

Bug ID Description
299509 IPv6 logs that are sent to Syslog server via log forwarding are different from IPv6 logs that are sent directly from FortiGate.
291652 Fortilogd may be blocked by slow TCP log forwarding and stop receiving incoming logs.
286804 Search takes longer than expected and may return unexpected results.
286190 The “Last 5 min” interval option is missing from the FortiLog Time Interval List .
284658 FortiAnalyzer does not refresh the list of logs with the Go button.
281953 Advanced ADOM mixes up logs from different VDOMs.
280891 Several fields are missing when viewing FortiSandbox logs.
280873 String value in the Extension Field that is formatted using CEF is surrounded by quotes.
280578 When the Language setting is set to Japanese, FortiAnalyzer shows columns with the same heading.
280192 Base64 encoded “log-attack-context” log is not readable.
280192 Base64 encoded log-attack-context events are not readable on FortiAnalyzer.
280053 Attack Context ID for Intrusion Prevention logs are not parsed properly.
278804 FortiAnalyzer does not restrict the number for Last N days in Log View.
278453 FortiAnalyzer returns an error and stops a query when the Source IP is an invalid IP address.
278077 Traffic log table still displays the Date/Time column even though it has been disabled via Column Settings.
276989 Scan Start and End times should be displayed in a readable format instead of in epoch mode.
276491 GTP specific fields are missing in Event Log Viewer after an upgrade.



Bug ID Description
300569 When there are many hcache tables, the SQL query for report generation may fail.
298217 The report generated for “Active Traffic Users” has data inconsistent with the dataset output.
295987 The “Top 20 Bandwidth Users” report that runs with the “Webfilter-Top-Web-Users-ByBandwidth” data set may not return correct data.
292983 The apprisk-ctrl-Common-Virus-Botnet-Spyware dataset may filter out botnet applications.
291808 Some VDOMs are missing under the Configuration tab of a report.
286653 When selecting a background image, the footer background color does not apply to the cover page.
286588 Creating hcache does not work after enabling the Report Group.
284133 When using the $flex_timescale, the Start time and End time are not correct in the SQL.
283433 User filter does not work when the username contains the \ character.
275394 FortiAnalyzer loses auto column update in chart when the dataset is changed.
272777 When query results contain the # character, it cannot be displayed in the table chart.
262593 Japanese characters in a PDF formatted report are displayed in an unexpected front style.
257691 Report line chart limits the number of items depending on the period specified for the report.
231536 A Group Report should not be generated when the Multiple Reports (Per-Device) option is selected.

System Settings

Bug ID Description
278334 FortiAnalyzer displays inconsistent behavior for read-only admin profiles.
270785 When the license count is exceeded, the alert message does not appear.

Resolved Issues


Bug ID Description
306160 Syslog is trimmed when being forwarded to a syslog server.
296481 The getFazGeneratedReport XML call should include macro data in the report_ data.txt file.
296228 FortiAnalyzer should support TLS v1.1 and v1.2.
295051 Within a XML response, the report name always has prefix “S-{layout-id}_t{layout-id}-


294453 Some SOAP API calls may not close connections.
291013 Oftpd may crash in some situations.
286512 Device version is not set in the CEF message header field.
286498 FortiAnalyzer does not back up logs to FTP when using log-file-archive-name extended .
283832 Oftp keeps updating the address from multiple VDOMs when the FortiAnalyzer override is enabled in each of the VDOMs.
279760 FortiAnalyzer returns an error when running searchFazLog using duration or sentbyte as searchCriteria with the XML API.
277478 Several ERROR: extra data after last expected column messages appear in the pgsvr.log.
275008 The fazmaild daemon stops working.
241924 The Drilldown to UTM tabs of FortiGate do not show the correct UTM log entry when the device is FortiAnalyzer.
This entry was posted in FortiAnalyzer on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.